Comment 8 for bug 1960162

Dan, there's no perfectly clear guidelines; some security issues like buffer overflows or shell injections can lead to problems if they're widely known before fixes are available, but information leaks can be remediated by admins before fixes are available if only they knew about it.

So that's why I thought making this public sooner would be better: it's at least possible an admin can learn about this, now, and clean up old logs. (Not likely, but possible..)

I hope that makes sense. I haven't yet figured out quite how to say what I feel about this. :)

Thanks